Never trust the client side! So every call to the server for data should check if the user has access to that data, both querying and storing/deleting data.
Ldebrand is right: NEVER trust the client. Never send ANY sensitive data back to the client that the user is not supposed to see. – Peter Knego Feb 22 at 6:27
You should include security on both sides. Just remember that security should never be "enforced" client side, but the UI should reflect the user's roles (i.e., you don't want to display an admin link for a user that isn't an admin).
You should enforce security at the service layer. If you were to enforce security client side it doesn't prevent a user from constructing a webservice call manually, but if the security is enforced at the service layer the request would be denied.
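An added example, not part of the original answers: a minimal service layer in which every read, write and delete goes through one authorization check, while the UI hint stays purely cosmetic. The names `User`, `RECORDS`, `handle_request` and the role strings are hypothetical, chosen for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the authenticated user may not perform the action."""

@dataclass(frozen=True)
class User:  # hypothetical model of the server-side session user
    name: str
    roles: frozenset

# Constructed sample data: record id -> owner and content.
RECORDS = {
    1: {"owner": "alice", "body": "alice's notes"},
    2: {"owner": "bob", "body": "bob's notes"},
}

def _authorize(user, record_id, action):
    """Service-layer check, run on every read, write and delete."""
    record = RECORDS[record_id]  # KeyError if the record does not exist
    if "admin" in user.roles:
        return record
    if action in ("read", "write") and record["owner"] == user.name:
        return record
    raise Forbidden(f"{user.name} may not {action} record {record_id}")

def read_record(user, record_id):
    return _authorize(user, record_id, "read")["body"]

def write_record(user, record_id, body):
    _authorize(user, record_id, "write")["body"] = body

def delete_record(user, record_id):
    _authorize(user, record_id, "delete")
    del RECORDS[record_id]

def ui_hints(user):
    """Cosmetic only: tells the client which links to render."""
    return {"show_admin_link": "admin" in user.roles}

def handle_request(session_user, payload):
    """Identity comes from the server-side session, never from the payload."""
    handlers = {"read": read_record, "delete": delete_record}
    try:
        return 200, handlers[payload["action"]](session_user, payload["id"])
    except Forbidden as exc:
        return 403, str(exc)
    except KeyError:
        return 404, "unknown action or record"
```

A payload that carries its own `roles` field is ignored, because `_authorize` only looks at the session user.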